Authentication and Encryption Vulnerability in SMA Solar Technology Products
CVE-2017-9857

8.1 HIGH

Key Information:

Vendor: SMA
CVE Published: 5 August 2017

What is CVE-2017-9857?

A security vulnerability has been identified in the SMAdata2+ communication protocol used by SMA Solar Technology products. The protocol has improper authentication and no encryption, which leaves it susceptible to man-in-the-middle, packet injection, and replay attacks. An attacker anywhere within the network can exploit this to intercept and manipulate communication packets, change settings, and access hidden functionality of the system. The vendor asserts that authentication and encryption are unnecessary on isolated subnetworks; addressing these weaknesses is nonetheless crucial to protect sensitive information and maintain system integrity.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
